Intelligence Community
Public Key Infrastructure
(IC PKI)

© 2002 The MITRE Corporation
This technical data was produced for the U.S. Government under contract 99-G0001 09-000, and is subject to the Rights in Data-General Clause 52.227-14 (JUNE 1987).

MITRE


Report  Documentation  Page 


Report date: 2002
Dates covered: 00-00-2002 to 00-00-2002
Title and subtitle: Intelligence Community Public Key Infrastructure (IC PKI)
Performing organization name and address: MITRE Corporation, 202 Burlington Road, Bedford, MA, 01730-1420
Distribution/availability statement: Approved for public release; distribution unlimited
Supplementary notes: The original document contains color images.
Security classification of report, abstract and this page: unclassified
Number of pages: 19

Standard Form 298 (Rev. 8-98)
Prescribed by ANSI Std Z39-18


Outline

• The US Intelligence Community
• Why is PKI needed on CLASSIFIED networks?
• What is in an IC PKI Certificate?
• Current IC PKI Status
• Notional IC PKI Topology
• MITRE IC PKI/FSD Laboratory
• Certificate Validation
• IC PKI Requirements and Issues
• Conclusion


The US Intelligence Community

[Figure: diagram of the US Intelligence Community. Labels: Central Intelligence Agency; Defense Intelligence Agency; Department of State; National Security Agency; Department of Energy; Director of Central Intelligence (DCI); Department of the Treasury; Army Intelligence; DCI Community Management; National Intelligence Council; Federal Bureau of Investigation; Navy Intelligence; National Reconnaissance Office; Air Force Intelligence; National Imagery and Mapping Agency; Marine Corps Intelligence]

Ref: CIA website http://www.cia.gov/ic/contents.html


Why is PKI Needed on CLASSIFIED Networks?

• The ability to establish more secure areas on CLASSIFIED networks is essential to wider release and dissemination of data to the end users
  - Data dissemination that needs to be tracked and controlled
  - Data restricted to those with a “need to know”
  - Compartmented data (beyond the level of the network)
  - Originator-controlled data
  - Data restricted to those on a “by name” access control list

Why is PKI Needed on CLASSIFIED Networks? (cont)

• PKI-enabled applications can include:
  - Secure messaging applications
    • Who sent me that message?
  - Secure Web access and Communities of Interest (COIs)
    • How do I keep other people from viewing this data?
  - Release authorities and disclosure procedures
    • How do I know I can release this information?
  - Mobile Code and object signing
    • Who authored this applet and can it be trusted?
  - Virtual Private Networks (VPN)
    • How can I have a (more) secure connection?
  - Collaborative toolkits
    • Can we establish a (more) secure VTC?

Why is PKI Needed on CLASSIFIED Networks? (cont)

• In addition, agencies are allowed to use the IC PKI certificate for internal purposes
  - Approval documents
  - Electronic workflow applications
  - Restricted access directories and documents
  - Financial forms

IC PKI

IC Communities of Interest

Table columns: Network Access Control Level; Description; Access Control Mechanism; Server Management; Certificate; Technical Requirements

Level 1: General Access
  - None
  - Information available to all network users

Level 2: Controlled Access (Simple I & A)
  - Access may be controlled by non-certificate based controls

Level 3: Authenticated (Certificate based I&A)
  - Access Control Mechanism: Valid Community certificate required
  - Certificate: Community
  - Technical Requirements: SSL

Level 4: Restricted Membership, Distributed Control
  - Access Control Mechanism: COI access decision is managed according to rules approved by data owners and the decision process may be centralized or decentralized
  - Server Management: Per data owner's consent
  - Certificate: Community
  - Technical Requirements: SSL

Level 5: Restricted Membership, Data Owner Controlled
  - Access Control Mechanism: COI access decision is managed by the data owner
  - Server Management: Data Owner
  - Certificate: Community
  - Technical Requirements: SSL

Level 6: Restricted Membership, Self-Protecting Data
  - Access Control Mechanism: COI access decision is managed by the data owner
  - Server Management: Data Owner
  - Certificate: Data Owner designates Certificate Authority (Community or other)
  - Technical Requirements: Self-Protecting Data - Data are encrypted in transit and at-rest and are only accessible by authorized user

What is in an IC PKI Certificate?

Signature Certificate (required elements)

Basic Certificate
  - Version: V3(2) (Identified which version of X.509 standard is being used)
  - Serial Number: Unique integer (Identifies certificate)
  - Issuer Signature Algorithm: sha1WithRSAEncryption (Specified signature algorithm for CA key)
  - Issuer Distinguished Name
    • Country Code (C): US (Country of certificate issuance)
    • Organization (O): U.S. Government (Per federal PKI guidelines)
    • Organizational Unit 1 (OU1): DCI (Cabinet-level organization)
    • Organizational Unit 2 (OU2): CIA (Agency)
    • Common Name (CN): CIA-IC-PKI (Name of agency certificate authority)
  - Validity Period: 012400ZMAY00-012400ZMAY03 (User certificates are valid for up to three years)
  - Subject Distinguished Name
    • Country Code (C): US (Country of certificate issuance)
    • Organization (O): U.S. Government (Per federal PKI guidelines)
    • Organizational Unit 1 (OU1): DCI (Cabinet-level organization)
    • Organizational Unit 2 (OU2): CIA (Agency)
    • Common Name (CN): MacGarrigle.Ellen.F.1234UYTF (Unique name within an agency (at agency discretion))
  - Subject Public Key Information: 1024 RSA key modulus, RSA encryption (Information needed to process user's public key)
  - Issuer's Signature: sha1WithRSAEncryption (Actual issuer key signature)

What is in an IC PKI Certificate (cont)?

Signature Certificate (required elements)

Extensions
  - Key Usage: email signing certificate: digitalSignature set, non-repudiation set, keyEncipherment not set (Permits use for authentication and non-repudiation only when used with newer S/MIME clients)
  - Certificate policies: id-US-level3 ::= {id-certificate-policy 7} (Alphanumeric code identifying governing Level 3/Level 4 PKI policy)
  - Subject Alternative Name: macaari^cia (User's ICEmail address)
  - Subject Directory Attributes
    • Nationality=US (Citizenship of user)
    • Employee Type=Contractor (Employment status of user)

“Many legacy S/MIME clients do not enforce functional separation so both the digitalSignature and keyEncipherment flags may be set in some certificates. Since newer S/MIME clients that enforce functional separation are beginning to become available, the IC PKI shall require one S/MIME certificate with the digital signature and non-repudiation bits set and a second certificate with the key encipherment bit set for those clients.” (IC PKI Certificate Policy)
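
Added example (not part of the original briefing or of any IC PKI software): a Python check for the functional separation the Certificate Policy quote describes. It decodes the KeyUsage BIT STRING (bit order per RFC 5280) and labels a certificate as signature, encryption, or combined; the function names and sample byte strings are constructed for illustration.

```python
# RFC 5280 KeyUsage bit positions, most significant bit first.
KEY_USAGE_BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment",
                  "dataEncipherment", "keyAgreement", "keyCertSign",
                  "cRLSign", "encipherOnly", "decipherOnly"]
SIGNING = {"digitalSignature", "nonRepudiation"}


def parse_key_usage(der):
    """Decode the DER BIT STRING carried in a KeyUsage extension into bit names."""
    if len(der) < 4 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING with content")
    if der[1] != len(der) - 2 or der[1] > 3:
        raise ValueError("unexpected BIT STRING length for KeyUsage")
    unused, payload = der[2], der[3:]
    if unused > 7:
        raise ValueError("invalid unused-bit count")
    nbits = min(len(payload) * 8 - unused, len(KEY_USAGE_BITS))
    return {KEY_USAGE_BITS[i] for i in range(nbits)
            if payload[i // 8] & (0x80 >> (i % 8))}


def classify(usage):
    """Label a certificate against the two-certificate S/MIME profile."""
    enc = "keyEncipherment" in usage
    if SIGNING <= usage and not enc:
        return "signature"
    if enc and not (SIGNING & usage):
        return "encryption"
    if enc:
        return "combined (legacy)"   # signing and encipherment in one certificate
    return "other"


# Constructed KeyUsage values (hex of the BIT STRING), not from real certificates.
SAMPLES = {
    "signing cert": bytes.fromhex("030206c0"),     # digitalSignature + nonRepudiation
    "encryption cert": bytes.fromhex("03020520"),  # keyEncipherment only
    "legacy cert": bytes.fromhex("030205e0"),      # all three bits set
}

if __name__ == "__main__":
    for name, der in SAMPLES.items():
        usage = parse_key_usage(der)
        print(name, sorted(usage), "->", classify(usage))
```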


Note: fields in red italics mean required but “non-critical” fields

Notional IC CA PKI Topology

[Figure: topology diagram; surviving labels: User base, Root]

PKI/FSD Lab Configuration

Current IC PKI Status

• Overarching Policy signed October 1999
• Certificate Policy signed February 2000
• IC standup effort currently underway
  - Root: Interim Authority to Operate (IATO) on 24Jul00, final ATO issued OSAug00
  - NSA: Interim Approval to Test (IATT) Aug00, IATO Sep00
  - CIA: IATT Apr01, ATO Jun01
  - Common Services (IMO) (incl NIMA): IATT Jun01, IATO Sep01, ATO Dec01
  - DIA: IATT August 2001, IATO October 2001, planned ATO Feb02
  - NRO: Planned IATT Mar02(?), planned ATO May02(?)

Certificate Validation (cont)

• To ensure certificate validity, certificates must be verified
  - Applications may check expiration dates but other checks are not automatic
  - Certificates may be revoked for the following reasons:
    • identifying information or attributes in the end entity’s certificate changes before the certificate expires;
    • the certificate subject can be shown to have violated the CP or the CPS of the CA who issued the certificate;
    • fraudulent use or suspected compromise; or
    • the user or other authorized party (as defined in the CA's CPS) asks for his/her certificate to be revoked
  - Two approaches are supported today:
    • Certificate Revocation Lists (CRLs)
    • Online Certificate Status Processing (OCSP)

Certificate Validation (cont)

• Certificate Revocation Lists (CRLs)
  - A list of revoked certificates issued by an IC PKI CA
  - Each CA issues their own CRL
  - CRLs are periodically issued to reflect revoked certificates
    • CRLs work on a “push/pull” basis (an issuing CA periodically “pushes” the information out; other CAs periodically “pull” this information in)
    • IC PKI CP mandates a new CRL every 28 days
    • Nonroutine revocations are issued within six hours
  - CRL retrieval is based on organizational need/processes
    • Community applications that understand CRLs must retrieve a CRL at least every 72 hours
  - CRLs need a central distribution point or points
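
Added example (not from the original briefing): the three intervals on this slide turned into a relying-party check in Python. It flags a stale or overdue CRL cache and computes how long a revoked certificate stays accepted, which is bounded by 6 + 72 = 78 hours when the CA and the application both just meet their deadlines. The helper names and the timeline are constructed.

```python
from datetime import datetime, timedelta, timezone

# Intervals taken from the slide (IC PKI CP); everything else is assumed.
CRL_ISSUE_INTERVAL = timedelta(days=28)   # CA issues a new CRL every 28 days
NONROUTINE_DEADLINE = timedelta(hours=6)  # nonroutine revocations within six hours
APP_FETCH_INTERVAL = timedelta(hours=72)  # applications retrieve at least every 72 hours


def crl_findings(now, this_update, last_fetch):
    """Policy findings for a relying party's cached CRL (hypothetical helper)."""
    findings = []
    if this_update > now:
        findings.append("thisUpdate is in the future; check clock or CRL source")
    elif now - this_update > CRL_ISSUE_INTERVAL:
        findings.append("CRL is older than 28 days; CA missed its issuance interval")
    if now - last_fetch > APP_FETCH_INTERVAL:
        findings.append("last retrieval is older than 72 hours; fetch before relying")
    return findings


def exposure(revoked_at, published_at, fetch_times):
    """How long this relying party kept accepting a revoked certificate:
    from revocation until its first CRL fetch at or after publication."""
    usable = [t for t in fetch_times if t >= published_at]
    return min(usable) - revoked_at if usable else None


def worst_case_exposure():
    """Upper bound when CA and application both just meet the deadlines."""
    return NONROUTINE_DEADLINE + APP_FETCH_INTERVAL


# Constructed sample timeline (not real data).
UTC = timezone.utc
REVOKED = datetime(2002, 3, 4, 9, 0, tzinfo=UTC)
PUBLISHED = REVOKED + timedelta(hours=5)             # inside the six-hour deadline
FETCHES = [datetime(2002, 3, 4, 13, 0, tzinfo=UTC),  # one hour before publication
           datetime(2002, 3, 7, 12, 0, tzinfo=UTC)]  # 71 hours later

if __name__ == "__main__":
    print(exposure(REVOKED, PUBLISHED, FETCHES))  # 3 days, 3:00:00
    print(worst_case_exposure())                  # 3 days, 6:00:00
    print(crl_findings(FETCHES[1] + timedelta(hours=80), PUBLISHED, FETCHES[1]))
```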
Certificate Validation (cont)


• Online Certificate Status Processing (OCSP)
  - OCSP means that a CA automatically attempts to validate a certificate each time the certificate is used
  - Each CA must maintain an OCSP lookup point wherein the relevant information is located
  - OCSP works in real time but must as a minimum meet the same mandated deadlines as CRLs (28 days/6 hours)
  - OCSP options
    • A CA may “push” the CRL to the OCSP responder
    • A CA may “push” the CRL to the FSD and the responder “pulls” it from there
    • Some CAs have built-in responders that automatically “pull” the needed data from the issuing CA
  - Few applications currently use OCSP

IC PKI Requirements and Issues

• Lack of common IC directory
  - Extensive installed base precludes single common directory
  - Federated approaches make directory-based functionality more complex and may impose more processing overhead
  - Directory is not yet operational even though IC PKI has reached IOC
• Desire to avoid separate operations and maintenance infrastructure
  - Most O&M costs for PKI are labor-related (registration and revocation are manpower-intensive)
  - IC PKI structure mirrors DoD structures as much as possible to allow reuse of already-planned support organizations and procedures

IC PKI Requirements and Issues (cont)

• Absolute need for key escrow
  - Required for counterintelligence purposes
• Auditing and Malicious Code Detection Policies
  - Should an encrypted message be logged and scanned at the gateway?
• Foreign (allied) national access
  - US users of foreign allied networks have a need to access US resources
• PKI deployment and training issues
  - We need good user training materials

IC PKI Requirements and Issues (cont)

• We have a real requirement for “group” certificates with individual audit capability
  - Ease of operations makes it imperative that some messages be sent and received from common addresses and accounts
    • A virus warning would be “signed and sent” from an agency CIRT desk to prove its authenticity; a user would not have to identify John Doe as being the watch officer
    • A watch officer comes on duty to relieve another watch officer and wants to be able to read all emails sent and received from the position during that duty day
    • A question arises about a warning sent by a duty officer position six months ago; who was the individual who sent that official message?

Conclusion

• IC PKI is on schedule to complete infrastructure deployment this year
• In 2002 IC PKI is moving toward
  - PKI enablement of applications
  - Updating original hardware and software configurations
  - User training and education
  - Interim directory deployment
  - Vendor interoperability issues